Configure the BlackBerry Secure Gateway to use OAuth with supported TLS versions and ciphers
BlackBerry Secure Gateway
to use OAuth with supported TLS versions and ciphersYou can configure the
BlackBerry Secure Gateway
to use OAuth for modern authentication. To use OAuth, you need to specify the mail server URL from the email profile, and the URL to retrieve the identity provider discovery document. For more information on the discovery document, see the Microsoft documentation.You can also specify the TLS version and
Microsoft
Exchange
SSL ciphers that the BlackBerry Secure Gateway
uses for connections to Exchange ActiveSync
. You may need to update this list according to the security requirements of yourExchange ActiveSync
server.- In the management console, on the menu bar, clickSettings > External Integration > BlackBerry Secure Gateway.
- To add or remove a TLS version or SSL cipher, click
in the appropriate table. - Click the TLS version or cipher that you want to add or remove from theSelectedlist.
- Click the arrow to move the item to the desired list.
- ClickAssign.
- To use modern authentication, selectEnable OAuth for mail server authentication.
- In theDiscovery endpointfield, type the URL that theBlackBerry Secure Gatewayuses to retrieve and cache the identity provider discovery document.
- Format:https://<identity provider>/.well-known/openid-configuration
- Example:https://login.microsoftonline.com/common/.well-known/openid-configuration
- Example:https://login.windows.net/common/.well-known/openid-configuration
TheBlackBerry Secure Gatewayretrieves both the unversioned and v2.0 discovery documents and periodically refreshes the cached documents. - In theMail server resourcefield, type the URL for the mail server specified in the email profile, starting with "https://" (for example.https://outlook.office365.com).
- ClickSave.